#PKCE

Proof Key for Code Exchange — securing auth flows for public clients.

2 Articles

Articles

OAuth2 and OpenID Connect: Production Security Patterns

OAuth2 flows with PKCE, refresh token rotation, theft detection, and JWT vs opaque token security tradeoffs for production.

BackendBytes Engineering Team

Read

Building an OAuth2 Authorization Server from Scratch

Backend Engineering

Backend Engineering•Oct 18•6 min read

Building an OAuth2 Authorization Server from Scratch

Understand OAuth2 by building the server side: authorization endpoint, PKCE validation, JWT generation, JWKS endpoint, and token rotation — all in Go.

BackendBytes Engineering Team

Read